๐บ๐ธ
TPI-Abuse
2026-07-14 01:05:40
(3 hours ago)
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptel ...
show more
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 21:05:32.357558 2026] [security2:error] [pid 30393:tid 30393] [client 131.196.228.231:46759] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 131.196.228.231 (+1 hits since last alert)|deborahbein.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "deborahbein.com"] [uri "/xmlrpc.php"] [unique_id "alWLXJFPUbpfFDpSPn73pAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-13 17:55:17
(10 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 22:55:08
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptel ...
show more
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 18:55:03.761023 2026] [security2:error] [pid 21051:tid 21061] [client 131.196.228.231:8056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 131.196.228.231 (+1 hits since last alert)|tkfay.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tkfay.com"] [uri "/xmlrpc.php"] [unique_id "alLJxzhlZBOCSTVCFsz8GgAAAQg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-07-10 14:49:03
(3 days ago)
Probing websites for vulnerabilities
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 21:05:34
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptel ...
show more
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 17:05:31.173043 2026] [security2:error] [pid 1271:tid 1271] [client 131.196.228.231:3756] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 131.196.228.231 (+1 hits since last alert)|montidaunitour.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "montidaunitour.com"] [uri "/xmlrpc.php"] [unique_id "ak1qG6PbyGpa5dID4VCFuQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-03 21:02:04
(1 week ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 18:52:28
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptel ...
show more
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 14:52:22.793637 2026] [security2:error] [pid 23549:tid 23945] [client 131.196.228.231:3643] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 131.196.228.231 (+1 hits since last alert)|hooknpatch.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hooknpatch.com"] [uri "/xmlrpc.php"] [unique_id "akgE5oGZwPs6qzTmUCllFQAAAFc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-03 18:28:27
(1 week ago)
131.196.228.231 - - [03/Jul/2026:20:28:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
...
Brute-Force
Bad Web Bot
Anonymous
2026-07-03 00:35:27
(1 week ago)
131.196.228.231 - - [03/Jul/2026:02:35:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
131.196.228.231 ...
show more
131.196.228.231 - - [03/Jul/2026:02:35:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
131.196.228.231 - - [03/Jul/2026:02:35:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
...
show less
Brute-Force
Bad Web Bot
๐บ๐ธ
WeekendWeb
2026-07-02 23:54:05
(1 week ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 17:04:56
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptel ...
show more
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 13:04:50.253530 2026] [security2:error] [pid 19380:tid 19380] [client 131.196.228.231:24740] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 131.196.228.231 (+1 hits since last alert)|blaslandsporthorses.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "blaslandsporthorses.com"] [uri "/xmlrpc.php"] [unique_id "akVIsnZEBeoEQ6qMtlg_5gAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
YF
2026-07-01 01:30:29
(1 week ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-01 00:35:04
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptel ...
show more
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 20:34:58.278660 2026] [security2:error] [pid 9836:tid 9836] [client 131.196.228.231:44346] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 131.196.228.231 (+1 hits since last alert)|centrodentalsindolor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "centrodentalsindolor.com"] [uri "/xmlrpc.php"] [unique_id "akRgsgVj7p3qZqDA52cP5QAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 22:01:30
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptel ...
show more
(mod_security) mod_security (id:240335) triggered by 131.196.228.231 (static-131-196-228-231.bruptelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 18:01:20.154015 2026] [security2:error] [pid 14307:tid 14307] [client 131.196.228.231:33644] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 131.196.228.231 (+1 hits since last alert)|waterspell.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterspell.net"] [uri "/xmlrpc.php"] [unique_id "akQ8sOlIvwFY_g59HiKrCAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
hermawan
2026-06-04 18:32:24
(1 month ago)
[Fri Jun 05 01:32:18.819513 2026] [security2:error] [pid 423036:tid 139764528297664] [client 131.196 ...
show more
[Fri Jun 05 01:32:18.819513 2026] [security2:error] [pid 423036:tid 139764528297664] [client 131.196.228.231:10878] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bmkg.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.bmkg.go.id/ request_line = GET /index.php/profil/meteorologi/list-all-categories HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-all-categories"] [unique_id "aiHEsgeNQ3_4sTbWwLqRuAAABwU"], referer https://www.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[423069] [opiSwzEsNYo] [aiHEsgeNQ3_4sTbWwLqRuAAABwU] keep_alive=[1] [2026-06-05 01:32:18.819517] [R:aiHEsgeNQ3_4sTbWwLqRuAAABwU] UA:'Mozilla/5.0 (Linux; Android 14; Pixel 6 Pro) AppleWebKit/537.36 (KHTML, like
...
show less
Email Spam
Hacking